Search

Search page

The basics of the Search menu in Web App are as follows.
elsa2-search_screen_ko

Field	Description
① Data source	Search or select projects or groups Only one group can be selected Up to 30 projects can be selected Projects and groups cannot be selected simultaneously Set groups to search several projects (recommended)
② Status	Checks the aggregation of the logLevel field
③ Aggregation	You can check the aggregation for any random log field Additional 10 random fields can be aggregated : you can add, edit, and reset new aggregations
④ Set search period	Set the time range to search the logs You can either set the period on the calendar or click More to set period from the examples Previous period/Auto update/Next period: click arrows to move to the previous or next period from the currently set period By clicking the Auto update button, you can refresh periodically and update logs
⑤ Import notification	Search logs with the preset notification items (queries) (refer to Manage alarms)
⑥ Import saved searches	Search logs with the preset query items (refer to Manage queries)
⑦ Search bar	Search logs by entering Lucene queries (refer to Apache Lucene) : save the queries entered in the search bar as alarms or queries. However, saving as alarms is only available when the data source is a single project.
⑧ Log status chart	Displays the hourly logLevel aggregation of the log search results in charts You can select the chart display time interval and hide/show charts Drag the mouse to select a certain area of the chart to reset the time range
⑨ Log list	Content of the searched logs is displayed in a list Click the log to see details By clicking the [Add aggregation] or [Add column] button, which is displayed when placing the mouse cursor on top of the field name, you can add the field to the aggregation or column It refers to the area displayed when placing the mouse pointer on top of the log text, and you can search fields with a partial or complete match with the log text. When matching with the field completely, a tooltip that says Complete match is displayed when placing the mouse pointer on top of the log text To search for fields that match the log text completely, click the Complete match tooltip, which is displayed when placing the mouse pointer on top (Context search): search previous/next log on the host where the corresponding log has occurred [± 1 Minute]/[± 5 Minutes]/[± 10 Minutes] buttons: displays logs within the selected time frame around the occurrence of the log The square in the first column represents log levels in colors, and when there is a bug-like icon inside the square, it means the log includes crash dump data. Log levels by color can be checked in either Status or Chart field Unfold all: displays all log content in an unfolded state Fold all: displays all log content in a folded state Download: download logs (JSON and CSV) or crash dumps (refer to Download logs) Full screen: displays the log page in full screen

Field

Description

① Data source

Search or select projects or groups

Only one group can be selected
Up to 30 projects can be selected
Projects and groups cannot be selected simultaneously
Set groups to search several projects (recommended)

② Status

Checks the aggregation of the logLevel field

③ Aggregation

You can check the aggregation for any random log field

Additional 10 random fields can be aggregated
: you can add, edit, and reset new aggregations

④ Set search period

Set the time range to search the logs

You can either set the period on the calendar or click More to set period from the examples
Previous period/Auto update/Next period: click arrows to move to the previous or next period from the currently set period By clicking the Auto update button, you can refresh periodically and update logs

⑤ Import notification

Search logs with the preset notification items (queries) (refer to Manage alarms)

⑥ Import saved searches

Search logs with the preset query items (refer to Manage queries)

⑦ Search bar

Search logs by entering Lucene queries (refer to Apache Lucene)

: save the queries entered in the search bar as alarms or queries. However, saving as alarms is only available when the data source is a single project.

⑧ Log status chart

Displays the hourly logLevel aggregation of the log search results in charts

You can select the chart display time interval and hide/show charts
Drag the mouse to select a certain area of the chart to reset the time range

⑨ Log list

Content of the searched logs is displayed in a list

Click the log to see details
- By clicking the [Add aggregation] or [Add column] button, which is displayed when placing the mouse cursor on top of the field name, you can add the field to the aggregation or column
- It refers to the area displayed when placing the mouse pointer on top of the log text, and you can search fields with a partial or complete match with the log text. When matching with the field completely, a tooltip that says Complete match is displayed when placing the mouse pointer on top of the log text
- To search for fields that match the log text completely, click the Complete match tooltip, which is displayed when placing the mouse pointer on top
(Context search): search previous/next log on the host where the corresponding log has occurred
- [± 1 Minute]/[± 5 Minutes]/[± 10 Minutes] buttons: displays logs within the selected time frame around the occurrence of the log
The square in the first column represents log levels in colors, and when there is a bug-like icon inside the square, it means the log includes crash dump data. Log levels by color can be checked in either Status or Chart field
Unfold all: displays all log content in an unfolded state
Fold all: displays all log content in a folded state
Download: download logs (JSON and CSV) or crash dumps (refer to Download logs)
Full screen: displays the log page in full screen

Note

When setting the log search period, a wide range of search that goes over a day may take some time, so applying the search filter with a narrower range of periods and then moving on to a wider range can facilitate the log searching.

Search log

The following shows how to search logs collected in Effective Log Search & Analytics 2.0 in Web App's Search menu.

Access Web App. (Refer to Access Web App)

Click the Search menu.

Enter the name of the project or group in the data source search bar.

Click the search field, and recently searched project or group names are displayed.
When entering a search keyword, the search result window appears and shows the names of projects or groups that include the keyword.
To search logs with the notification items, click the Import notification button and select the item in the import notification popup window.
To search logs with the notification items, click the Import notification button and select the item in the import notification popup window.
You can also search by clicking on each item in the Project, Group, Notification, Saved search menus in the Management menu.

When searching logs in the search result window, select projects or a group to search logs from and click any area other than the search result window.

Up to 30 projects can be selected and only 1 group can be selected.
Charts and detailed log items for the number of collected logs for the last 30 minutes based on the current time are displayed.

Enter the Lucene queries in the search bar, or reset the items in the status field and aggregation field to search logs.

For detailed information on the Lucene syntax, see Apache Lucene.

Note

There are some occasions where you place the mouse pointer on some log text and the Complete match tooltip displays. With this tooltip feature, you can search the fields only where the entire text matches with the log text, not just partial matches.

Select or deselect the issue status in the Status field for the desired condition.
- Status: FATAL, ERROR, WARN, INFO, and DEBUG
Select or deselect the aggregation items in the Aggregation field for the desired condition.
- : select/deselect aggregation items, change order, delete, add new aggregation name, and reset

Check the log search results.

For more information, see Search page.

Download logs

The following shows how to download log search results.

Access Web App. (Refer to Access Web App)

Click the Search menu.

Search and filter the logs. (Refer to Search logs)

Click the [Download logs] button from the log list and select the type of logs.

Log (JSON/CSV): download the entire viewed logs in JSON or CSV format
Crash dump: download crash dump logs

When downloading logs (JSON/CSV), select download options in the log download popup window.

Format: select the file format (CSV or JSON)
Number: number of logs to download
Compression: select whether to download the data in file compression format
- When the compression feature is on, logs will be downloaded in several files.
- When the compression feature is off, logs will be downloaded in a single file. However, the download time will increase due to the increased file size.
Number of logs per file: number of logs to be saved in a file
Field: select the field to download (in case of CSV format, you must select the field)

When downloading crash dumps, click the [Crash dump] button in process No. 3 to download the files immediately.

Click [Download].

The files in which logs are saved will be downloaded.

Search

Search page

Search log

Download logs

What's Next